package cn.wolfcode.crm.shiro;

import cn.wolfcode.crm.domain.Employee;
import cn.wolfcode.crm.domain.Permission;
import cn.wolfcode.crm.domain.Role;
import cn.wolfcode.crm.mapper.EmployeeMapper;
import cn.wolfcode.crm.mapper.PermissionMapper;
import cn.wolfcode.crm.mapper.RoleMapper;
import cn.wolfcode.crm.service.IEmployeeService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.List;
import java.util.stream.Collectors;

@Component
public class CrmAccountRealm extends AuthorizingRealm {

    @Autowired
    private IEmployeeService employeeService;

    @Autowired
    private RoleMapper roleMapper;

    @Autowired
    private PermissionMapper permissionMapper;


    @Autowired
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        super.setCredentialsMatcher(credentialsMatcher);
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //获取用户名
        Object username = authenticationToken.getPrincipal();
        //查数据库比对
        Employee employee = employeeService.selectByName(username);
        System.out.println(employee);
        if(employee!=null){
            return new SimpleAuthenticationInfo(employee,employee.getPassword(),
                    //对输入的密码进行加盐  加密
                    ByteSource.Util.bytes(employee.getEmail()),
                    "AuthenticationInfo");
        }
        return null;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //获取用户信息
        Employee employee = (Employee)principalCollection.getPrimaryPrincipal();
        //如果用户是超级管理员   拥有所有权限
        if(employee.isAdmin()){
            info.addRole("admin");
            info.addStringPermission("*:*");
            return info;
        }
        //获取该用户的所有角色信息
        List<Role>  roles = roleMapper.selectRolesByEmpId(employee.getId());
        //获取角色的sn 使用limada
        List<String> role_sn = roles.stream().map(role -> role.getSn()).collect(Collectors.toList());
        info.addRoles(role_sn);
        // 获取角色的所有权限信息
        List<Permission> permissions = permissionMapper.selectByEmpId(employee.getId());

        //获取权限的expression 使用limada
        List<String> per_expression = permissions.stream().map(permission -> permission.getExpression()).collect(Collectors.toList());
        info.addStringPermissions(per_expression);

        return info;
    }

}
